router: add static routes to opnsense to fix vpn issues

hosts/router/firewall.nix

@@ -20,8 +20,9 @@ in
           ${ifs.lan40.name},
           ${ifs.lan50.name},
       }
-      define OPNSENSE_NET6 = ${pdFromWan}d::/64
+      define OPNSENSE_NET6 = ${vars.extra.opnsense.net6}
       define ZONE_LAN_EXTRA_NET6 = {
+          # TODO: reevaluate this statement
           ${ifs.lan20.net6},  # needed since packets can come in from wan on these addrs
           $OPNSENSE_NET6,
       }

hosts/router/ifconfig.nix

@@ -150,6 +150,7 @@ in
           ifs.lan40.name
           ifs.lan50.name
         ];
+        routes = vars.extra.opnsense.routes;
       };
       "30-vlan10" = mkLanConfig ifs.lan10;
       "30-vlan20" = mkLanConfig ifs.lan20;

hosts/router/vars.nix

@@ -95,4 +95,28 @@ rec {
       ulaPrefix_ = "${ulaPrefix}:0050";  # ::/64
     };
   };
+
+  extra = {
+    opnsense = rec {
+      addr4 = "${ifs.lan.p4}.250";
+      ulaAddr = "${ifs.lan.ulaPrefix}::250";
+      p6 = "${pdFromWan}d";
+      net6 = "${p6}::/64";
+      # VPN routes on opnsense
+      routes = [
+        {
+          Destination = "10.6.0.0/24";
+          Gateway = addr4;
+        }
+        {
+          Destination = "10.18.0.0/20";
+          Gateway = addr4;
+        }
+        {
+          Destination = net6;
+          Gateway = ulaAddr;
+        }
+      ];
+    };
+  };
 }